Assessing Supplier Resilience

Assessing Supplier Resilience

Your organization has a choice regarding supplier resilience. You may assume that suppliers have sufficient plans and recovery procedures that will reduce the risk and impacts of disruptions to their operations. Or, you may choose to actively verify supplier resilience.

Either choice is valid so long as it is made overtly and after assessing the relative risks of each choice.

If your organization chooses to hold suppliers accountable for their resilience as a condition of the business relationship, there are policies, standards and processes to implement.

Supplier resilience standards should flow directly from your own resilience objectives. Your supplier compliance standards may need to be implemented in stages consistent with your own and suppliers’ BCM program maturity.

Your dependency analysis, part of your annual business continuity program review, should identify your critical suppliers, all of which should be subject to the resilience compliance program.

When initiating a supplier resilience compliance program, convey the compliance policy to each supplier, secure their formal commitment and integrate compliance in the procurement and contracting process thereafter.

It would be wise to provide a non-disclosure agreement (NDA) because many suppliers may claim their business continuity information is proprietary.

To ensure clarity, provide suppliers with a business continuity plan template and your assessment criteria.

At a minimum, annual reviews of supplier compliance will include:

  • Supplier business continuity plan (BCP) – Verify the BCP was revised within the past 12 months and includes the data required by your plan template. Look for supplier communication procedures with customers, risk mitigations, and redundancies for the supplier’s own critical dependencies.
  • Supplier recovery exercises – Confirm the supplier conducted one or more meaningful exercises within the past 12 months, the results, and status of corrective actions to close gaps identified.

Conduct supplier resilience assessments using a standardized report card or dashboard that may be used as the basis for collaborating with the supplier to meet resilience requirements. The tool should present findings as briefly and graphically as possible, with specific recommendations. After meeting with the supplier to review results, agree on a deadline for completing corrective actions.

The objective for assessing supplier resilience is to reduce your risk and confirm the supplier will be there for you, or to identify gaps to close or mitigate. Take a collaborative approach to the process.

Ultimately, as your supplier compliance program matures, it will progress from an assessment of suppliers' BCM programs to also measure actual supplier resilience, integrating some of the organizational resilience measures used to assess your own organization. Eventually, compliance may include one or more or your critical suppliers actively participating in your recovery exercises.
Copyright ©2023, Business Resilience Solutions, LLC. All rights reserved.
Build your resilience with Business Resilience Solutions.
Safeguard your past efforts and future profits with smart Business Continuity Management guided by Business Resilience Solutions.
Start Now